Cryptanalysis of simple three-party key exchange protocol

Cited by: 58
Authors
Guo, Hua [1]
Li, Zhoujun [1]
Mu, Yi [2]
Zhang, Xiyong [3]
Affiliations
[1] Beihang Univ, Sch Engn & Comp Sci, Beijing 100083, Peoples R China
[2] Univ Wollongong, Sch Comp Sci Software Engn, Ctr Comp & Informat Secur Res, Wollongong, NSW 2522, Australia
[3] Informat Engn Univ, Dept Appl Math, Zhengzhou 450002, Peoples R China
Keywords
password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack;
DOI
10.1016/j.cose.2008.03.001
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Recently, Lu and Cao published a novel protocol for password-based authenticated key exchange (PAKE) in a three-party setting in the journal Computers and Security, where two clients, each sharing a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis of the flaws in the protocol and provide an improved protocol. (c) 2008 Elsevier Ltd. All rights reserved.
Pages: 16-21
Page count: 6
Related papers
18 in total
  • [1] Abdalla M, 2005, LECT NOTES COMPUT SC, V3386, P65
  • [2] Abdalla M, 2005, LECT NOTES COMPUT SC, V3570, P341
  • [3] Abdalla M, 2005, LECT NOTES COMPUT SC, V3376, P191
  • [4] [Anonymous], ACM OPERATING SYSTEM
  • [5] BOYD C, 2003, PROTOCOLS AUTHENTICA
  • [6] Byun JW, 2006, LECT NOTES COMPUT SC, V3841, P830
  • [7] A novel three-party encrypted key exchange protocol
    Chang, CC
    Chang, YF
    [J]. COMPUTER STANDARDS & INTERFACES, 2004, 26 (05) : 471 - 476
  • [8] An efficient protocol for authenticated key agreement
    Law, L
    Menezes, A
    Qu, MH
    Solinas, J
    Vanstone, S
    [J]. DESIGNS CODES AND CRYPTOGRAPHY, 2003, 28 (02) : 119 - 134
  • [9] Efficient verifier-based key agreement protocol for three parties without server's public key
    Lee, SW
    Kim, HS
    Yoo, KY
    [J]. APPLIED MATHEMATICS AND COMPUTATION, 2005, 167 (02) : 996 - 1003
  • [10] Enhanced three-party encrypted key exchange without server public keys
    Lee, TF
    Hwang, T
    Lin, CL
    [J]. COMPUTERS & SECURITY, 2004, 23 (07) : 571 - 577